fix slow code, add bounds checks (#1606)

Tested that players with valid names up to the usual 33 character max are still added to the player container Tested that you can still team with <= 4 players on a team Tested that chat server no longer crashes with a bad memberSize variable asserted that InsertPlayer is indeed much faster now and is no longer a slow point of ChatServer
2024-11-08 17:28:20 +00:00 · 2024-10-26 20:09:32 -07:00 · 2024-10-26 20:09:32 -07:00 · 33a8efdd22
commit 33a8efdd22
parent 8d54db7851
1 changed files with 15 additions and 7 deletions
--- a/dChatServer/PlayerContainer.cpp
+++ b/dChatServer/PlayerContainer.cpp
@ -36,16 +36,19 @@ void PlayerContainer::InsertPlayer(Packet* packet) {
 	data.playerID = playerId;
 	uint32_t len;
-	inStream.Read<uint32_t>(len);
+	if (!inStream.Read<uint32_t>(len)) return;
-	for (int i = 0; i < len; i++) {
+	if (len > 33) {
-		char character; inStream.Read<char>(character);
+		LOG("Received a really long player name, probably a fake packet %i.", len);
-		data.playerName += character;
+		return;
 	}
-	inStream.Read(data.zoneID);
+	data.playerName.resize(len);
-	inStream.Read(data.muteExpire);
+	inStream.ReadAlignedBytes(reinterpret_cast<unsigned char*>(data.playerName.data()), len);
-	inStream.Read(data.gmLevel);
+
 	if (!inStream.Read(data.zoneID)) return;
 	if (!inStream.Read(data.muteExpire)) return;
 	if (!inStream.Read(data.gmLevel)) return;
 	data.sysAddr = packet->systemAddress;
 	m_Names[data.playerID] = GeneralUtils::UTF8ToUTF16(data.playerName);
@ -122,6 +125,11 @@ void PlayerContainer::CreateTeamServer(Packet* packet) {
 	size_t membersSize = 0;
 	inStream.Read(membersSize);
 	if (membersSize >= 4) {
 		LOG("Tried to create a team with more than 4 players");
 		return;
 	}
 	std::vector<LWOOBJID> members;
 	members.reserve(membersSize);